Windows 8/2012 sideloading crack

Discussion in 'Windows 8' started by kost, Oct 30, 2012.

Tags:
  1. kost

    kost MDL Member

    Jan 22, 2011
    116
    211
    10
    #1 kost, Oct 30, 2012
    Last edited by a moderator: Apr 20, 2017
  2. kost

    kost MDL Member

    Jan 22, 2011
    116
    211
    10
    As proof-of-concept I post instructions on how to crack PowerDVD mobile from windows store.

    1) Get and repack appx.
    2) Install it using my Sideloading crack.
    3) In appcontainer folder (C:\Program Files\WindowsApps\...)
    change "js\syslayer\PurchaseInformation.js"
    (function(){var x=PowerDVD.Config;var a=null;var u=null;function b(){if(x.APP_LOAD_LICENSE_INFO) ..........
    =>
    (function(){var x=PowerDVD.Config;var a=null;var u=null;function b(){return;if(x.APP_LOAD_LICENSE_INFO) ..........

    This remove trial checks from powerdvd. Its now sideloaded and cracked.
     
  3. snorge

    snorge MDL Novice

    Aug 15, 2012
    45
    2
    0
    virus check?
     
  4. kost

    kost MDL Member

    Jan 22, 2011
    116
    211
    10
    It depens on what you treat as a virus.
    Virus is a code that do something undesired with your computer without your intent.
    For me, it is undesired not to have my freedom not to pay any money to microsoft or software vendors.
    If microsoft enforces DRM, it does something undesired for me. It takes control of my computer from me.
    Remember terminator 3. Skynet is the virus itself. Microsoft is the virus.
     
  5. Espionage724

    Espionage724 MDL Addicted

    Nov 7, 2009
    902
    255
    30
    That is a very interesting view :) Not saying I agree or disagree with it, but I never really thought of it like that :p
     
  6. Windows user

    Windows user MDL Senior Member

    Sep 11, 2012
    445
    101
    10
    #6 Windows user, Oct 30, 2012
    Last edited: Oct 30, 2012
    And so begins the tampering of apps :p
     
  7. nosferati87

    nosferati87 MDL Junior Member

    Apr 6, 2011
    73
    213
    0
    Thanks kost for sharing your findings, this looks very interesting. Patching wsservice shouldn't be necessary if you've acquired a developer license with Visual Studio I think?

    Alternatively to your method for patching individual apps, it should be possible to hook into the WinStore licensing API and return fake license info for in-app-purchasements (you'd need to know the names of the features the app is looking for but these can be easily obtained by looking at the source of the app). You could then put together a list of all in-app-purchasements of all the apps in the store and magically any feature of any app should be activated. Constructing the necessary WinRT objects could get complicated but in principial it should be doable.
     
  8. kost

    kost MDL Member

    Jan 22, 2011
    116
    211
    10
    Developer license is free and easy to install in powershell. But :
    a) it expires every month
    b) Microsoft in license terms promise track some activity under development license to prevent "abuse" such as piracy. Some data is sent to them.

    Yes, this is the right approach. If all software rely on a single DRM engine, its obvious to patch it.
    But it requires some study and analysis of course. WinRT programming is new to me at the moment.
    Sideloading crack for me was some kind of jailbreaking. I dont like being bound to a single source of software.
    I prefer Google approach for android where users can install packages from other sources.
    Because it have something common with freedom of choice.
    Apple and MS do many things in the name of security (installing software is dangerous, you can have a virus...).
    But main reason for them is money.
    MS take 30% of all sales from the windows store. Imagine how much cost all software in the world.
    How big is 30% of all software sales. Bill gates will be trillionaire soon :) If only winRT succeeds.
    They force users to use IT even on desktop. They change peoples minds about how computer should look and feel.
     
  9. luakhan

    luakhan MDL Junior Member

    Nov 14, 2011
    84
    15
    0
    What is the problem? o_O
     

    Attached Files:

  10. kost

    kost MDL Member

    Jan 22, 2011
    116
    211
    10
    #10 kost, Oct 30, 2012
    Last edited: Oct 30, 2012
    (OP)
    I found the problem.
    It happens because to the moment you run installer some svchost services in the same group are already running.
    Svchost read service list in the group only once at the start of first service (when svchost process is created).
    It is necessary to stop all services in the group for svchost to be terminated.
    I'll modify installer ..
    But now you can reboot and it should fix the problem
     
  11. kost

    kost MDL Member

    Jan 22, 2011
    116
    211
    10
    #11 kost, Oct 30, 2012
    Last edited: Oct 30, 2012
    (OP)
    Updated version to 1.0.1
    It should install on clean system now.
    I also added appx dendepdencies - winRT VCL runtime and WinJS
    Almost every package require one or both of them.
    Happy repacking !
     
  12. unrandomsam

    unrandomsam MDL Novice

    Jan 9, 2010
    27
    7
    0
    This only works with Enterprise (Or a dev key that expires each month correct ?)
     
  13. kost

    kost MDL Member

    Jan 22, 2011
    116
    211
    10
    http :// technet.microsoft.com/en-us/library/hh852635.aspx

    Officially works on Enterprise and Pro or on Server 2012 any edition.

    May be its quite easy to crack windows and use sideloading on Core win8.
    There's suspicious export function in WSSunc.dll : WSGetLOBEnabledSKUFlag with prototype :
    HRESULT WSGetLOBEnabledSKUFlag(int *bIsEnabled);
    On Server 2012 and win 8 Enterprise (I'm sure on Pro also) it puts 1 into bIsEnabled.
    LOB here means Line-Of-Business applications. Same as sideloading.

    I want to install Core edition win8 and check. Probably it will return zero.
    Then try to patch it. May be it will do the trick.
     
  14. KNARZ

    KNARZ MDL Addicted

    Oct 9, 2012
    876
    457
    30
    #14 KNARZ, Oct 30, 2012
    Last edited: Oct 30, 2012
    PLEASE SOMEONE HACK THE DAMN LICENSE SYSTEM.

    The pretty sure the values in the License system (tokens.dat)
    "WSLicensingService-EnableLOBApps" and/or "WSLicensingService-LOBSideloadingActivated"

    Just prohibit everyone. They are 0, If you have a "APPXLOB-Client" Edition, you can override the SideloadingActivated Value to 1.

    If someone would hack the system that WE ALL could place any value in the file, than we could customize in VERY cool ways.


    But great work so far!
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  15. kost

    kost MDL Member

    Jan 22, 2011
    116
    211
    10
    #15 kost, Oct 31, 2012
    Last edited: Oct 31, 2012
    (OP)
    My observation also confirm - the core of the evil for sideloading key is softwareprotection service.
    Its logical. Slmgr.vbs supposed to accept sideloading key - it is sppsvc client

    But more interesting part for me is

    C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\WSLicense\tokens.dat
    Here WSService store some licensing info about apps downloaded from windows store.
    Info for each app is in the form of XML formatted blocks like this :

    Then digital signature follows. damn forum do not allow me to post URLs yet :)
    License is bound to specific hardware id. Contain type - full, trial, god knows what else

    It means that if wsservice license system is hacked - most of the store apps will be unlocked
    This is another reason why I started my runtime patching project.
    My platform allow patching of wsservice code in the memory avoiding microsoft signagure check.

    Hey, ppl, anyone want to spend some time in IDA and hack the damn licensing thing ? :)
     
  16. luakhan

    luakhan MDL Junior Member

    Nov 14, 2011
    84
    15
    0
    Not working:(
     

    Attached Files:

  17. kost

    kost MDL Member

    Jan 22, 2011
    116
    211
    10
    Are you launching it on Core edition ? Core edition dont allow sideloading.
     
  18. luakhan

    luakhan MDL Junior Member

    Nov 14, 2011
    84
    15
    0
    windows 8 pro with wmc
     
  19. kost

    kost MDL Member

    Jan 22, 2011
    116
    211
    10
    If you could proceed with add-appxpackage without error it means certificate validation is ok.
    To detect problem I need info :

    1) Did installer complete with success ?
    2) Is wsservicecrk running ?
    3) When did you deploy appx ? It must be deployed when wsservicecrk is running. If you first deployed appx then run crack service app will still remain invalid.
    4) debug output from systeinternals tool DebugView - from wsservicecrk start till end of deploying appx
     
  20. kost

    kost MDL Member

    Jan 22, 2011
    116
    211
    10
    #20 kost, Oct 31, 2012
    Last edited: Oct 31, 2012
    (OP)
    My mistake ! I did not read carefully. Pro also do not allow LOB applications.
    So it work only on enterprise or server
    Not good. But for win8 enterprise edition will be the first target for pirated distribution.
    Win8 use OEM activation 3.0 and it does not allow fully offline activation. Cracks are mainly KMS-based.